Home > Network, Software > Use open-source software for your servers

Use open-source software for your servers

August 14th, 2009
Goto comments Leave a comment

We have been using open-source software for our servers at NDMC for the past months.  Being an educational institution on a tight budget, we cannot afford to buy licenses for commercial software so we choose to use open-source and free software, specifically GNU/Linux variants.

We were using Ubuntu 8.04 Long Term Support (LTS), which means it will be supported for the next five years (until 2013).

Then Bong, who has been experimenting with different variants of open-source server software suggested the following line-up:

  • pfSense – powerful Firewall, based on FreeBSD
  • Untangle – open source network gateway, web filter
  • eBox-Platform – domain controller, file server, print server, proxy server, mail server, and a lot more, based on Ubuntu 8.04
  • FreeNAS – file server, NAS server, based on FreeBSD

I added Proxmox Virtual Environment – an open-source virtualization platform to the list.  This allows us to create one or more Virtual Private Servers using just one computer.  This is our alternative to VMWare’s ESX.

The considerations for the above servers is also timely for our scheduled upgrade from 1.5Mbps to a 4Mbps Internet connection sometime next month.

Web Filter

There are 50 computers in our Internet laboratory, and there are about 50 computers from different offices connected to the Internet.  About 3 months ago,  we were having a lot of reports concerning viruses and malwares in the computers.  These has infected Internet Explorer and set the default home page to a pornography site.

We can clean the viruses but there must be a way to block these porn sites.  This is where we used Untangle as our web filter.  It’s very easy to install and has the following free components: Spam Blocker, Phish Blocker, Spyware Blocker, Web Filter, Virus Blocker, Intrusion Prevention, Protocol Control, Firewall, OpenVPN, Attack Blocker, and Reports.

Here is a screenshot of how Untangle’s web UI looks like (using Cammo skin):

screenshot-untangle-mozilla-firefox

Here is a screenshot of how Untangle blocks a certain web site:

screenshot-untangle-web-filter-warning-mozilla-firefox

File Server

We have no file server in our computer laboratories to serve as repository of files and exercises.  USB flash disks are used by the students as backup which carries a lot of viruses that often times corrupts these flash disks.  To solve this, we used eBox-Platform to be our file server.  The next problem is the encoding of users and permissions (about 800+ students, 90+ class schedules, 10 teachers, 8000+ access rights) which would take about a week.  What we did was:

  • export the enrolment program’s list of subjects scheduled in the laboratories with enrolled students and teachers into a CSV file;
  • create Bash scripts to encode these data into eBox’s users and groups;
  • join the Windows XP client computers into the domain.

With the above, it would take only about 3 hours to auto-encode the above users with permissions.  Actually, that’s about 5 minutes of issuing linux commands and 2:55 hours of letting the computer encode it for you. ;)

This file server is not yet implemented because we are in the middle of the semester now.  But it has already been demonstrated to the College of Information Technology and Engineering (CITE) teachers and they liked it.

So students and teachers can now have their domain account to be used in the laboratories.  This file server will help secure the student’s exercises and centralize checking by the teachers.  I have a detailed post at Creating a Laboratory File Server.

Here is how eBox’s Web Dashboard looks like:

screenshot-ebox-dashboard-mozilla-firefox

It looks empty because there are no logged-in users and computers.

Firewall

This will secure the network from the Internet.  We have 5 servers using public static IP addresses.  Whoever maintains these servers must secure it from the Internet and there was no centralized means of protecting our servers from the Internet.

We used pfSense – a very powerful firewall software with a lot of features.  This server is setup as a transparent firewall.  This gave us the confidence that our network is protected.

Now why would I want to setup pfSense as a transparent firewall you may ask?  Because we need the servers to still use the public static IP addresses:

Of course it’s such a waste of IP addresses, we could just do a port forwarding or NAT for the above, right?  Well, perhaps when we have enough time. ;)

Here is pfSense’s WebGUI:

screenshot-pfsensendmceduph-pfsense-webgui-mozilla-firefox

And here is pfSense’s Traffic Graph:

screenshot-pfsensendmceduph-status-traffic-graph-mozilla-firefox

I see this graph top at 1Mbps during office hours and I could just wonder “Geez, whoever made all those bandwidth requests?“.

There you go, the list of open-source software we use in our servers.  Hope you get to use them on your servers too.

Wait, what about Proxmox Virtual Environment?  I will create a separate post regarding virtualization and hypervisors. ;)

Thanks to Bong for doing a very good research.

Related Articles:

Author: Cyril Pauya Categories: Network, Software Tags: , , , , , ,
  1. No comments yet.
  1. No trackbacks yet.